Information on this site is advertising in nature

GDPR Compliance

Last updated: 15 June 2026

Our Commitment to Data Protection

petal-hare is committed to protecting the personal data of all individuals, including those residing in the European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information

For the purposes of GDPR, petal-hare acts as the data controller for personal information collected through this website and our services.

Contact details:
Email: [email protected]
Address: Level 14, 385 Bourke Street, Melbourne VIC 3000, Australia

Legal Basis for Processing

We process personal data only when we have a lawful basis to do so. Our processing activities are based on:

Consent

Where you have given clear consent for us to process your personal data for specific purposes, such as receiving marketing communications or enabling non-essential cookies.

Contractual Necessity

Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract, such as providing our advisory services.

Legitimate Interests

Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights. This includes improving our services and ensuring website security.

Legal Obligation

Where processing is necessary for compliance with legal obligations to which we are subject.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you and information about how we process it.

Right to Rectification

You have the right to request correction of any inaccurate personal data we hold about you, and to have incomplete data completed.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.

Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you.

Exercising Your Rights

To exercise any of your rights, please contact us using the details provided above. We will respond to your request within one month of receipt. In certain circumstances, we may extend this period by two further months, in which case we will inform you of the extension and reasons for it.

We may need to verify your identity before processing your request. There is generally no fee for exercising your rights, although we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.

International Data Transfers

As we are based in Australia, data transferred to us from the EEA will be subject to international transfer. We ensure that appropriate safeguards are in place, including:

  • Standard contractual clauses approved by the European Commission
  • Ensuring recipients are located in countries with adequate data protection laws
  • Implementing technical and organisational security measures

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements. Specific retention periods depend on the type of data and processing purpose.

Security Measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. For residents of the EEA, this would be the data protection authority in your country of residence.

Contact Us

For any questions regarding GDPR compliance or to exercise your rights, please contact us:

Email: [email protected]
Address: Level 14, 385 Bourke Street, Melbourne VIC 3000, Australia

We use cookies to enhance your browsing experience and analyse site traffic. By continuing, you consent to our use of cookies. Learn more